Bybit Hacking Incident Analysis: Security Challenges of CEXs

Overview: Bybit Theft Incident

On February 21, 2025, the cryptocurrency exchange Bybit suffered a serious security incident, resulting in the theft of assets from its Ethereum (ETH) multi-signature cold wallet. The direct loss from this incident exceeded $1.5 billion, as hackers manipulated the smart contract logic of the cold wallet through sophisticated attack methods and stole a large amount of cryptocurrency assets.

Image:Bybit Official Announcement

Attack details and hacker tactics analysis

Based on the analysis of the incident, hackers gained access to Bybit’s multi-signature cold wallet system through sophisticated means. By exploiting vulnerabilities in the front-end UI, the attackers successfully deceived the signers of the multi-signature wallet into signing malicious content in a fake interface, thus taking control of the cold wallet. Specifically, the attackers tampered with the smart contract logic, causing the signers to see the correct transaction address, while the actual signed content transferred the funds to an address controlled by the hacker.

Image:https://x.com/evilcos/status/1892979598826315830

Stolen Assets and Fund Flows

According to on-chain data analysis, the stolen assets include:

• 401,347 ETH, about 11.2 billion US dollars;
• 90,376 stETH, about 2.53 billion US dollars;
• 15,000 cmETH, about $44.13 million;
• 8,000 mETH, about 23 million US dollars.

The above prices are calculated based on the prices at the time of the theft on the evening of February 21st.

These funds were transferred by hackers to multiple addresses and exchanged stETH and mETH for ETH through decentralized exchanges (DEX) to further launder the funds. To avoid tracking, the hacker dispersed the ETH to 49 addresses on the same day, with each address transferring approximately 10,000 ETH.

Bybit official response and industry feedback

After the incident, Bybit co-founder and CEO Ben Zhou confirmed the attack on X platform and emphasized that other wallets on the platform were not affected, and user withdrawal services are normal. He stated that even if the stolen funds cannot be recovered, Bybit still has the ability to pay and can withstand this loss. On-chain analyst ZachXBT and others called on major exchanges to blacklist the hacker’s address to prevent further circulation of stolen funds. In addition, security company Beosin quickly added the relevant addresses to its KYT tag library and issued alerts.

Gate.com’s fund security measures

Gate.com will spare no effort to assist in the recovery of the stolen funds from Bybit. Exchanges in the industry attach great importance to this incident, Gate.com CEO Han Lin stated that they will strengthen industry cooperation to enhance crypto security together.

Image:https://x.com/gate_io/status/1893010282810876194

Gate.com has always attached great importance to the security of user funds and has taken a series of innovative measures to ensure the security of platform assets. In January 2025, Gate.com announced the latest reserve data, with a total reserve of up to $10.328 billion, a reserve ratio of 128.58%, far exceeding the industry standard of 100%. Among them, Gate.com holds over 20,000 BTC and 257,000 ETH, with reserve ratios of 123.06% and 112.04% respectively. In addition, Gate.com has also introduced zero-knowledge proof (zk-SNARK) technology, further enhancing the platform’s transparency and privacy protection capabilities, allowing users to verify the adequacy of platform assets without revealing any transaction details.

In the world of cryptocurrency, security is the most critical concern for users. Gate.com is well aware of this significant responsibility and always prioritizes the security of user assets. Through meticulous management of cold wallets and hot wallets, combined with advanced technologies such as user balance snapshots and Merkle tree structure, regular security audits, comprehensive optimization of asset storage and management processes, we ensure the security and transparency of every asset.

The recent theft incident has once again sounded the alarm for industry security. Gate.com will take this as a lesson, continuously upgrade its security protection system, introduce more advanced technological means and risk monitoring mechanisms, and ensure the platform is as solid as a rock. We promise to spare no effort in safeguarding the assets security of every user, providing users with a stable, reliable, and trustworthy trading environment. Choosing Gate.com means choosing peace of mind and security.

Gate Learn has also compiled articles on blockchain security for everyone to study, always stay alert:https://www.Gate.com/learn/topics?category=security&page=1&sort=updated_at

Summary

The Bybit theft incident once again reminds the cryptocurrency industry that exchanges are facing increasingly complex security threats. With the development of the industry, exchanges must continuously innovate security technologies and strengthen the protection of user assets. In addition to basic cold wallet protection, smart contract audits, and multi-signature mechanisms, exchanges should also introduce more cutting-edge technologies, such as artificial intelligence and blockchain analysis, to enhance security capabilities. Innovation in security technologies in the cryptocurrency industry will be a key factor in determining the long-term competitiveness of exchanges.